Ticket #9559 (closed defect (bug): fixed)
Site search results can include passworded posts
| Reported by: |
|
Owned by: |
|
|---|---|---|---|
| Priority: | normal | Milestone: | 2.8 |
| Component: | General | Version: | 2.7.1 |
| Severity: | normal | Keywords: | has-patch |
| Cc: | coffee2code, ciaran@… |
Description
By default, WordPress's built-in search feature searches the contents of passworded posts. If the content of a passworded post matches the search criteria, WordPress will include that post in the listing of search results. While it is true that the post contents will not be displayed to the visitor (unless they know and have entered the password for the post), the fact that the otherwise protected post appeared in the search results allows for the visitor to search-bomb your site in an effort to deduce some of the content of the password-protected post.
Of course, external search (as done from Google) would never include the passworded post contents since that content is not available to external search engines.
I have released a plugin that addresses the issue and prevents passworded posts from being included in search results, but this may be something we may want to consider for core.
The attached patch prevents passworded posts from being included in search results on the front-end of the site (i.e. by visitors). It does not add the constraint on searches performed within the admin.
The drawback, of course, is that a visitor couldn't legitimately perform a search and find a passworded post that they may have the password for. Hence a privacy vs. usability issue, and I vote that privacy prevails. (I've seen the search-bomb happen, so it's a real concern.)
Attachments
-
bug9559.omit-passworded-posts-from-search.diff
(648 bytes) -
added by coffee2code 3 years ago.
- Aforementioned patch
Change History
coffee2code — 3 years ago
-
attachment
bug9559.omit-passworded-posts-from-search.diff
added
+1 for this. Until a site is search-bombed most users would be unaware that their password-protected posts are appearing in search result listings. The change works and it would be great to see this make it into 2.8 final.
- Owner changed from anonymous to ShaneF
- Status changed from new to assigned
I'll test it later.
There's no index on post_password, so this will likely seriously degrade query performance. I believe that's why it is not done now. Maybe this is acceptable if done only for search requests. Also, maybe we change from !is_admin to is_user_logged_in() so logged in users can still search from the front page.
Dup of #3317
comment:6
in reply to:
↑ 3
Denis-de-Bernardy — 3 years ago
Replying to ryan:
There's no index on post_password, so this will likely seriously degrade query performance.
No so. Or rather, only if there are multitudes of posts that have a password. Else, it'll just filter out a result here and there.
Also note that, if the vast majority of posts happen to have no passwords, and you look for posts without one as the only criteria in your query, the optimizer will simply ignore that index: A seq scan, on which you filter out those that have a faster, will generally be faster.
In fact, the likelihood is that you can even toss the following in, without any noticeable degradation of speed:
AND ( post_password = '' OR post_author = $user_id )
The optimizer would then filter the results returned by the index used based on that criteria, like this:
nested loop on index
for each row
check the above
break at $limit rows
- Status changed from assigned to closed
- Resolution set to fixed
I changed to use !is_user_logged_in(). If there are problems with that, shout.
For sure, you might have users of membership plugins that will complain about that decision, but it can be filtered out by the plugins themselves.
comment:11
coffee2code — 3 years ago
Looks good to me.
Aforementioned patch